<Sigh!>

On 19 March 2016 at 19:19, Daniel Savard <[email protected]> wrote:
> I see what you were trying to achieve, however I don't see much
> interest in that.

Really, I've been running a successful commercial web site for the last 4 years
using Tomcat as a standalone web server and servlet container using
exactly this solution. 1000 concurrent sessions pose no problem.
I mentioned this in my first post, sorry if you missed it.

> 1) Obviously, if you were expecting systemd to solve that problem, you
> were wrong and it is a sane behavior of systemd to not allow that
> neither

No, you misunderstood. I was trying to start jsvc from a systemd service file.
Please read more carefully. I never suggested that systemd would solve the problem.

> 2) Your solution to your problem is lying on jsvc alone.
> 3) I believe is bad security practice to insist to bind on privileged
> ports for process that don't need that level of privilege.
>
> Btw, even if you switch to another user to run the code, you actually
> are binding to port 80 as root.
>
> Maybe you can explain us why you want to do such a thing and using any
> other unprivileged port isn't a solution to your problem.

What is the default port for non-encrypted http traffic to a web server?

Anyway, I see no reason to start a slanging match, I have better things to do.
It's all working quite nicely now anyway, thank you for your input.

To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)

Lyallex

>
> Regards,
> -----------------
> Daniel Savard
>
>
> 2016-03-19 12:10 GMT-04:00 Lyallex <[email protected]>:
>> It's the simplest way to find out which port you have Tomcat listening on
>>
>> *NIX based systems don't allow non root users bind to ports < 1024
>>
>> jsvc
>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>
>> solves this problem, nobody seems to have grasped that this is what I
>> was asking about.
>> I know of no way to start the container, on port 80 using either
>> startup.sh or catalina.sh using start, run or anything else.
>> If I'm wrong then I would love to see how it's done.
>>
>> CentOS Linux release 7.2.1511 (Core)
>>
>>
>> On 19 March 2016 at 13:46, Daniel Savard <[email protected]> wrote:
>>> Why? What is the point? The server.xml has nothing to do with
>>> integration with systemd.
>>> -----------------
>>> Daniel Savard
>>>
>>>
>>> 2016-03-19 1:40 GMT-04:00 Lyallex <[email protected]>:
>>>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>>>
>>>> <Service name="Catalina">
>>>>
>>>>   <Connector port="80" protocol="HTTP/1.1"
>>>>              connectionTimeout="20000"
>>>>              redirectPort="8443" />
>>>>
>>>>   <Engine name="Catalina" defaultHost="localhost">
>>>>
>>>>     <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>>
>>>>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>>>              resourceName="UserDatabase"/>
>>>>
>>>>     </Realm>
>>>>
>>>>     <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>>           autoDeploy="true">
>>>>
>>>>       <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>              directory="logs"
>>>>              prefix="localhost_access_log" suffix=".txt"
>>>>              rotatable="false" pattern="combined" />
>>>>     </Host>
>>>>
>>>>   </Engine>
>>>> </Service>
>>>>
>>>> On 18 March 2016 at 23:35, Daniel Savard <[email protected]> wrote:
>>>>> I believe all distros have over engineered the scripts to start
>>>>> Tomcat. Forget all the scripts from your distro, learn the
>>>>> signification of the environment variables from the catalina.sh script
>>>>> shipped with the default Tomcat version. Define your variables in a
>>>>> file, this file is not a script, so you cannot reuse a previously
>>>>> defined variable, feed your systemd service definition file with this
>>>>> file in the service section as EnvironmentFile=/path/name/to/your/file
>>>>> ExecStart=/path/to/catalina.sh start
>>>>> ExecStop=/path/to/catalina.sh stop
>>>>>
>>>>> and you are done. You control everything from the environment file,
>>>>> you can easily manage the environment variables without editing the
>>>>> systemd's service file.
>>>>>
>>>>> It is much simpler than the OpenRC set of scripts in my humble
>>>>> opinion. I am running Gentoo at home and RHEL at work and both distros
>>>>> wrapped Tomcat into too many layers of scripts in order to make it
>>>>> working with OpenRC while none of these are required to run and manage
>>>>> Tomcat with systemd.
>>>>>
>>>>> In particular with Gentoo, I no longer use the Tomcat distro packaged
>>>>> with Gentoo because they separated the servlet api from Tomcat and you
>>>>> need to wrap things into layers of scripts to define the classpath
>>>>> properly taking this into account, the vanilla classpath.sh file
>>>>> distributed with Tomcat doesn't work and so on. Really, they did a
>>>>> very bad job at integrating Tomcat.
>>>>>
>>>>> Here is my service file:
>>>>>
>>>>> [Unit]
>>>>> Description=Tomcat 8 (Dev)
>>>>> After=syslog.target
>>>>> After=network.target
>>>>>
>>>>> [Service]
>>>>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>>>>> Type=forking
>>>>> User=tomcat
>>>>> Group=tomcat
>>>>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>>>>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>>>>
>>>>> [Install]
>>>>> WantedBy=multi-user.target
>>>>>
>>>>>
>>>>> And here is the content of my EnvironmentFile:
>>>>>
>>>>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>>>>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>>>>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>>>>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>>>>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>>>>
>>>>>
>>>>> -----------------
>>>>> Daniel Savard
>>>>>
>>>>>
>>>>> 2016-03-18 13:31 GMT-04:00 Lyallex <[email protected]>:
>>>>>> I thought you might be interested in the resolution to this.
>>>>>>
>>>>>> It turns out that we needed to reproduce the environment in
>>>>>> tomcat.service
>>>>>>
>>>>>> For some reason
>>>>>>
>>>>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>>>>>> (file shown at the end of this message)
>>>>>>
>>>>>> Instead, in /etc/systemd/system/tomcat.service
>>>>>> we have had to reproduce the environment in longhand to get it to work.
>>>>>> It appears that systemd doesn't expand variables so I really need to
>>>>>> investigate the systemd Environment thing a bit more.
>>>>>> Anyway, when I shutdown -r now the server comes back up and tomcat is
>>>>>> running as the unprivileged tomcat user on port 80 so that's a result
>>>>>>
>>>>>> ============== /etc/systemd/system/tomcat.service ============
>>>>>> [Unit]
>>>>>> Description=Apache Tomcat Web Application Container
>>>>>> After=network.target
>>>>>>
>>>>>> [Service]
>>>>>> Type=forking
>>>>>> User=root
>>>>>>
>>>>>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
>>>>>>     -user tomcat \
>>>>>>     -home /opt/jdk1.7.0_45 \
>>>>>>     -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>>>>>     -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
>>>>>>     -Djava.io.tmpdir=/var/tmp \
>>>>>>     -Djava.awt.headless=true \
>>>>>>     -Xms512m \
>>>>>>     -Xmx1024m \
>>>>>>     -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
>>>>>>     -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
>>>>>>     -pidfile /var/run/tc7/jsvc.pid \
>>>>>>     -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>>>     -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties \
>>>>>>     -cp /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar \
>>>>>>     org.apache.catalina.startup.Bootstrap
>>>>>>
>>>>>> # kill takes a PID, not the path of the pid file, so read the PID from the file
>>>>>> ExecStop=/bin/sh -c '/bin/kill -9 `cat /var/run/tc7/jsvc.pid`'
>>>>>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>>
>>>>>> [Install]
>>>>>> WantedBy=multi-user.target
>>>>>>
>>>>>>
>>>>>> Oh happy day
>>>>>> Thanks again to all responders
>>>>>>
>>>>>> Lyallex
>>>>>>
>>>>>> ========= /etc/rc.d/init.d/tomcat7 =========
>>>>>>
>>>>>> JAVA_HOME=/opt/jdk1.7.0_45
>>>>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42
>>>>>> export JAVA_HOME CATALINA_HOME
>>>>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>>>>>> TOMCAT_USER=tomcat
>>>>>> TMPDIR=/var/tmp
>>>>>> PIDFILE=/var/run/tc7/jsvc.pid
>>>>>>
>>>>>>
>>>>>> RC=0
>>>>>>
>>>>>> case "$1" in
>>>>>>
>>>>>> start)
>>>>>>
>>>>>>     # every line of the jsvc command except the last ends in a backslash
>>>>>>     $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME \
>>>>>>         -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>>>>>         -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR \
>>>>>>         -Djava.awt.headless=true \
>>>>>>         -Xms512m \
>>>>>>         -Xmx1024m \
>>>>>>         -outfile $CATALINA_HOME/logs/catalina.out \
>>>>>>         -errfile $CATALINA_HOME/logs/catalina.err \
>>>>>>         -pidfile '/var/run/tc7/jsvc.pid' \
>>>>>>         -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>>>         -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
>>>>>>         -cp $CLASSPATH \
>>>>>>         org.apache.catalina.startup.Bootstrap
>>>>>>
>>>>>>     RC=$?
>>>>>>
>>>>>>     [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
>>>>>>     echo "starting tomcat7 on darkstar with:"
>>>>>>     echo "JAVA_HOME=$JAVA_HOME"
>>>>>>     echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>>     echo "CLASSPATH=$CLASSPATH"
>>>>>>     echo "tomcat started"
>>>>>>     ;;
>>>>>>
>>>>>> stop)
>>>>>>
>>>>>>     PID=`cat /var/run/tc7/jsvc.pid`
>>>>>>     kill $PID
>>>>>>
>>>>>>     RC=$?
>>>>>>
>>>>>>     [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>>     echo "stopping tomcat7 on darkstar with:"
>>>>>>     echo "JAVA_HOME=$JAVA_HOME"
>>>>>>     echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>>     echo "CLASSPATH=$CLASSPATH"
>>>>>>
>>>>>>     echo "tomcat stopped"
>>>>>>     ;;
>>>>>>
>>>>>> *)
>>>>>>     echo "Usage: $0 {start|stop}"
>>>>>>     exit 1
>>>>>> esac
>>>>>> exit $RC

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
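
The objection quoted in this thread is that the jsvc unit still binds port 80 as root before switching user. As an added example (not part of the original thread and not Tomcat project code), the unit below starts Tomcat as the tomcat user from the outset and grants only the capability to bind low ports. It assumes systemd 229 or later on Linux 4.3 or later (ambient capabilities), reuses the install paths quoted in the thread, and uses a hypothetical PID path under /run/tomcat.

```ini
# /etc/systemd/system/tomcat.service
# Added example: paths are the ones quoted in the thread; the PID path is hypothetical.
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
# The JVM never runs as root, not even while binding the listener.
User=tomcat
Group=tomcat

# Grant the single capability needed for ports below 1024 and nothing else.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Block privilege gain through setuid binaries or file capabilities.
NoNewPrivileges=true

# systemd does not expand variables inside Environment= values,
# so every path is written out in full.
Environment=JAVA_HOME=/opt/jdk1.7.0_45
Environment=CATALINA_HOME=/opt/apache-tomcat-7.0.42
Environment=CATALINA_BASE=/opt/apache-tomcat-7.0.42
Environment=CATALINA_PID=/run/tomcat/tomcat.pid

# Creates /run/tomcat owned by User= at start and removes it at stop.
RuntimeDirectory=tomcat
PIDFile=/run/tomcat/tomcat.pid

# catalina.sh writes CATALINA_PID itself; logs/, temp/ and work/ under
# CATALINA_BASE must be writable by the tomcat user.
ExecStart=/opt/apache-tomcat-7.0.42/bin/catalina.sh start
ExecStop=/opt/apache-tomcat-7.0.42/bin/catalina.sh stop

[Install]
WantedBy=multi-user.target
```

The `<Connector port="80" ...>` entry in server.xml stays as posted; only the way the process obtains the right to bind changes.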
